If you are using ICS (see Using Internet Connection Sharing, page 301, to learn more about ICS), you should enable ICF on the Internet connection residing on the ICS host computer. If you have multiple Internet connections on the ICS host computer, enable ICF on each Internet connection. However, do not enable ICF on the local area connections between the ICS host and ICS clients. If you firewall other internal network connections, you will have network connectivity problems between computers.

If you are using a network in which several computers directly access the Internet through broadband or dial-up connections, you need to use ICF on each connection to the Internet, as shown in the following illustration. Again, make sure you do not firewall NICs that internally connect the LAN only enable ICF on the external Internet connections.

Using Barcode generation for BIRT reports Control to generate, create QR-Code image in BIRT applications.

www.OnBarcode.com

Internet DSL modem

LAN ICF

5

Accessing the Internet from a Large Network with Poor Security

Some large LAN and WAN environments do not have firewalls or any other kind of protective measures between them and their Internet connection. Although this situation is becoming less and less common, many colleges, universities, and other institutions continue to maintain an open network policy. In such situations, workstations normally use the same connection to access both LAN/ WAN and Internet resources, so it s normally wise to use some sort of firewall to protect your workstation. However, remember that although ICF will protect your Internet connection, it can cause headaches if you need to perform file and printer sharing with other Windows clients and servers within the LAN or WAN. This topic is discussed in Enabling File and Printer Sharing with ICF, page 132.

2: Internet Networking

5: Using Internet Connection Firewall

When You Should Not Use ICF

As a general rule, ICF can be used in most situations when you want to protect your computer from Internet attacks. However, you should not use ICF if

G You are using another firewall. If you are using a residential gateway or

another firewall software product, do not use ICF. You should only use one firewall product, whether that product is a hardware or software solution. Multiple firewall products usually do not work together and can cause you to lose your Internet connection. So, make a choice, but do not use ICF when another firewall solution is used.

G You are using a mail client that requires remote procedure calls. Some

mail programs, such as Microsoft Outlook in a Microsoft Exchange server environment, use remote procedure calls (RPCs), which allow mail servers to contact the program when there is mail to be delivered. ICF will block this kind of traffic because it has not been requested internally, so in some cases, ICF will simply not allow you to receive your mail automatically. Instead, you have to manually check for mail. If you are using Microsoft Outlook as a way to connect to an ISP mail server, Outlook will work fine with ICS. See Using ICF with E-mail Services, page 134, for more information.

G You need to share files across a virtual private network (VPN) connection,

because ICF can block such sharing. However, a workaround for this problem is presented in Enabling File and Printer Sharing with ICF, page 132.

What ICF Does Not Do

ICF is a basic firewall product that blocks traffic; however, it does not meet every possible need, and it does not protect you from every possible threat. For example: e-mail viruses, and worms are not detected by ICF. You need to use antivirus software with ICF for complete protection against these dangers.

G ICF does not protect you from Trojan horse programs. Once they get into

5

G ICF does not protect you from viruses or worms. Downloaded viruses,

your computer (usually in e-mail you receive), Trojan horse programs gather information from your computer, such as addresses from an e-mail address book, and send themselves in e-mail addressed to your contacts, spreading themselves further. Because ICF is only concerned with inbound traffic, ICF does not inspect outbound traffic for these threats. To ensure that your computer is not running Trojan horse programs, you need a program that can safeguard your computer. Some third-party firewall products,